General Topics

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer!

This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussi

...

outside to inside nat tcp and udp specific?

i have a situation where outside users will tupe in a public ip which the palo alto will nat it into a inside privtae address like

destination "public" x.x.x.x port udp 8443 >>> translated destination "private" y.y.y.y udp 8443

,but when i tired to

...

Resolved! GlobalProtect with MFA - Always On

I was wondering if anyone here using GlobalProtect with MFA, such as Duo, Okta or Ping.

Currently, clients portal app is set to User-Logon (Always On). I'd like to implement MFA for GP, but also keeping the always on functionality.

The question is i

...

TAP multiple virtual routers

Has anyone successfully setup a TAP interface on a pair of 5220s with multiple VRs to send the traffic to a single TAP interface/zone? Trying to integrate a sensor appliance in, but it's not passing any traffic...open to any suggestions at this poin

...

Resolved! possible to use mgmt port subnet same as inside int subnet?

is it possible to set the mgmt port ip subnet same as the inside interface ip subnet? or it needs to be different subnet?

Resolved! two Internetconnection IpSec build

Hello, I have two PAs and want to build IPSec tunnels between them. one PA A has a static IP. The other PA B has two internet connections. One with a static IP and one with a dynamic IP. Now I want to build two tunnels from device B to the A side. my

...

Facing issue in pushing the policy from Panorama to firewall

Dear Team,

We are facing issues in pushing the policy from Panorama to firewall.

The commit is successful in passive device but having problem in active device. Tried 2 to 3 times but same issues.

Thanks in advance

Resolved! Granular URL Monitoring

I want to be able to grab full URLs when specific sites are visited e.g. github so I can see what app/repo is being hit. Right now all I get is the domain.

How granular can URL monitoring be? Can I get a full URL from URL filtering or URL category hi

...

Pushing From Panorama to Firewall, Commit Failed Ethernet 1/1 in use.

Guys sorry for the newb question but our company just up and ordered a bunch of PA stuff.

We configure a firewall to access the Internet and connect to panorama on Ethernet 1\1.

We import the devices settings into panorama and achieve a sync.

Now we

...

SSL Decryption Certificate, Which IP to use?

Quick Q:

When creating the certificate for forward proxy decryption, whcih IP should be used. I expect the internal trusted IP?

Cheers

Rob

confused with PA-220 licensing and features

im having difficulty understaing the licensing on palo alto , from the attached pictures do i have the anti-virus , vulnrability protection , anti-spyware , url filtering , file blocking , data filtering and wild fire? or does each of them need a lic

...

after applying security rule getting strange message

i appliied a security rule and did a security profile on it but after applying it im getting this message

Resolved! PA HA failover and IPSEC connection shows inactive

Yesterday during PAN OS upgrade when Passive PA became active I saw that our IPSEC connections stopped working.

CLI shows status as inactive

I did clear vpn command

test phase 1 and phase 2 still samething.

Only way to make this work was via restartin

...

Mitigating CVE-2019-0624

HI @reaper , @gwesson

I'm seeing the subjected CVE is missing in palo alto vulnerability profile.

How can I mitigate this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2019-0624

Regards

Venky

Dynamic update release date

Hi Community,

Hope somebody can address my below query.

I am able to see the Release date of App&threat version 8146-5421 as 2019-04-25 UTC in both threat vault and support portal( is it actually UTC time??, i am seeing 1-day gap here !),

But my firewa

...

Block XLSM, AHK extensions

Hi Team

How to block the XLSM, AHK extensions in firewall?

Please help us

Regards

Mohammed Asik

Discussions

Discover LIVEcommunity Through Our New Animated Explainer Video!

outside to inside nat tcp and udp specific?

Resolved! GlobalProtect with MFA - Always On

TAP multiple virtual routers

Resolved! possible to use mgmt port subnet same as inside int subnet?

Resolved! two Internetconnection IpSec build

Facing issue in pushing the policy from Panorama to firewall

Resolved! Granular URL Monitoring

Pushing From Panorama to Firewall, Commit Failed Ethernet 1/1 in use.

SSL Decryption Certificate, Which IP to use?

confused with PA-220 licensing and features

after applying security rule getting strange message

Resolved! PA HA failover and IPSEC connection shows inactive

Mitigating CVE-2019-0624

Dynamic update release date

Block XLSM, AHK extensions

PA-3260 Hardware EOL

Request: List of GTIN / UPC Barcodes for Palo Alto Networks Products

Questions about PAN-303959

Does Palo Alto provide free exam vouchers for their customers?

Is there any way to apply multiple interface management profiles

Re: Error opening support ticket

Re: IP Wildcard Mask Address Objects

Re: What is still missing or needs to be improved in PA Next Generation Firewalls ?

Re: High Availability Latency / Bandwidth Requirements

Re: High Availability Latency / Bandwidth Requirements

Unlock your full community experience!

Resolved! GlobalProtect with MFA - Always On

Resolved! possible to use mgmt port subnet same as inside int subnet?

Resolved! two Internetconnection IpSec build

Resolved! Granular URL Monitoring

Resolved! PA HA failover and IPSEC connection shows inactive